Make Bitcoin (BTC), Litecoin or Dash wallet private through Tor proxy

Intro

By now it should be common knowledge that Bitcoin is the exact opposite of a privacy coin: your IP address is made available to anybody in the BTC network. Because of this, your transactions can be tracked directly to you.

This article describes how to hide these transactions from anybody who’s watching. We will achieve this by running the Bitcoin Core full node through a Tor Proxy, installed on any Linux / Mac box within your Local Area Network. If you use Linux / Mac as your desktop PC, then this PC can run the Tor Proxy itself. Otherwise, I will show you how to install such a proxy on a Raspberry Pi or a similar Single Board Computer (SBC).

Although Bitcoin is the main actor here, this how-to is applicable to any Bitcoin fork, like Litecoin or Dash (note, however, that Dash doesn't support a separate wallet directory, only a separate wallet file).

The Problem …

Running a full node is resource-demanding until the node is fully synchronized. Syncing through Tor, and through an SBC on top of that, would slow down the process significantly. Even assuming syncing has already been done, if you’d like to help the Bitcoin blockchain replicate via your already synchronized full node, it won’t be easy to allow this via Tor without extra effort. That effort is out of scope of this article, as it involves dealing with firewalls.

… and the solution

Therefore, in order for the full node to sync quickly and to make the blockchain available to other users who want to sync from your node, we will be running two mutually exclusive instances of Bitcoin Core that share the same data folder. Let’s call the first one “Public”. It uses an empty wallet, or simply a wallet whose transparency is not a concern for you. The second one, called “Hidden”, will be run through the Tor Proxy and will use its own wallet, the one you want to hide from sniffing. You will continuously be running the “Public” one, keeping it in sync and letting others sync. Whenever you need to make a transaction, you’d close the “Public” instance and start the “Hidden” one, which will immediately pick up the latest synchronized data, while hiding the now incoming transactions specific to this wallet.

Private browsing as a nice side effect

Once you set up the Tor Proxy on one of your Linux boxes, you will be able to allow private browsing for the whole family, without the need to use the Tor Browser specifically. It will be enough to point any browser to the Tor Proxy to enjoy private browsing. You could, for instance, have one browser for naked browsing, say Chrome, and another, say Firefox or Pale Moon, for Tor private browsing only.

What you’ll need

  • A Linux or Mac OSX box, or Raspberry Pi, or any other similar SBC, with a Debian-based Linux distribution
  • Over 400 GB of free space for the Bitcoin blockchain database
  • Optionally a small encrypted partition to hold the hidden wallet

Setting up and testing Tor Proxy

Raspberry Pi as Tor Proxy

  1. Buy a Raspberry Pi 3, or Raspberry Pi 4 from Amazon, along with a power supply, Ethernet cable (optional), and an HDMI cable for RPi3 or an HDMI - HDMI-micro cable for RPi4. RPi4 will also perform better with an aluminum case (for proper heat dissipation).
  2. Buy an SD card with preinstalled NOOBS.
  3. Insert the SD card into RPi, connect it to your screen with the HDMI cable, connect a mouse and a keyboard, as well as the Ethernet cable. Finally connect the AC power supply.
  4. Install Raspbian, as described here.
  5. Enable SSH, to be able to send commands remotely.
  6. Make sure that your RPi is connected to the network, either through WiFi or, if you prefer having WiFi disabled via the top-right applet, through an Ethernet cable. Note down the IP address, as described in the SSH documentation above. Tip: run "hostname -I" in a terminal. Let’s assume it will be 192.168.1.100 (note that the WiFi IP and the cable IP will be different).
  7. Power off the RPi and switch back your screen to your desktop PC.
  8. Wait until the RPi’s LED stops flashing green, then unplug the power supply and plug it back in.
  9. The Pi should be now accessible via SSH.

From a Linux terminal, run:

ssh pi@192.168.1.100

From a Windows box you’ll have to use Putty. Enter the Pi’s IP, like in the example below, and click Save, which will allow you to reload the IP later on. Afterwards click Open.

Enter the default password, which is: raspberry
After a successful login, you could change it via:

passwd

Enter the following commands:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install tor
sudo cp /etc/tor/torrc /etc/tor/torrc.backup

Open the configuration file with:

sudo nano /etc/tor/torrc

Enter only the following configuration entries:

SocksPort 192.168.1.100:9050
SocksPolicy accept * 
RunAsDaemon 1
DataDirectory /var/lib/tor

Save the file with F2, and confirm with Y, followed by Enter.

Restart the Tor service:

sudo systemctl restart tor@default.service

Local Linux box as Tor Proxy

If you already use Linux and don't want to buy RPi, here's a variant for using a local Linux box as Tor Proxy but without the possibility of sharing the proxy over the LAN:

sudo nano /etc/tor/torrc
SOCKSPort 9050  # Instead of SocksPort 192.168.1.100:9050
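
A quick way to tell the two torrc variants above apart, and to see what the LAN-shared one allows. This is an added example, not part of the original article: audit_torrc is a hypothetical helper name, the sample files are constructed, and 192.168.1.0/24 is an assumed LAN range. Tor accepts any client address that no SocksPolicy entry matches, so "SocksPolicy accept *" behaves the same as having no policy at all.

```sh
#!/bin/sh
# Added example (not from the article): classify how a torrc exposes its
# SOCKS listener. audit_torrc is a hypothetical helper name.
# Prints: loopback-only | exposed-restricted | exposed-unrestricted
audit_torrc() {
    awk '
    { sub(/#.*/, ""); key = tolower($1) }      # strip comments; option names ignore case
    key == "socksport" {
        # [address:]port - a bare port (or "auto") listens on 127.0.0.1 only
        if ($2 ~ /:/ && $2 !~ /^(unix:|127\.|localhost:|\[::1\]:)/) exposed = 1
    }
    key == "sockspolicy" && wildcard == "" {
        rest = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        n = split(rest, entries, ",")            # entries are tried in order, first match wins
        for (i = 1; i <= n && wildcard == ""; i++) {
            split(entries[i], f, " ")            # f[1] = accept|reject, f[2] = address pattern
            if (f[2] == "*" || f[2] == "*:*") wildcard = tolower(f[1])
        }
    }
    END {
        if (!exposed)                  print "loopback-only"
        else if (wildcard == "reject") print "exposed-restricted"
        else                           print "exposed-unrestricted"  # unmatched clients are accepted
    }' "$1"
}

# Constructed samples: the LAN-shared torrc from this page, its local-only
# variant, and a LAN-shared variant limited to the assumed 192.168.1.0/24 range.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'SocksPort 192.168.1.100:9050' 'SocksPolicy accept *' \
    'RunAsDaemon 1' 'DataDirectory /var/lib/tor' > "$tmp/shared.torrc"
printf '%s\n' 'SOCKSPort 9050  # Instead of SocksPort 192.168.1.100:9050' \
    > "$tmp/local.torrc"
printf '%s\n' 'SocksPort 192.168.1.100:9050' 'SocksPolicy accept 192.168.1.0/24' \
    'SocksPolicy reject *' > "$tmp/restricted.torrc"

for f in shared local restricted; do
    printf '%-12s %s\n' "$f" "$(audit_torrc "$tmp/$f.torrc")"
done
```

The third sample shows the form to use if the proxy should serve only hosts in your own subnet: an accept entry for the LAN range followed by "SocksPolicy reject *".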

Testing the Tor Proxy

Open Firefox and choose Preferences → Network Settings (at the bottom)

Select Manual Proxy, fill the IP field and make sure the port is 9050.

Close and then restart your browser. Now you are using your Tor Proxy in your browser, and so can other people in your LAN. You can verify it by browsing the URL https://check.torproject.org/. You should see the following picture:

You should now reboot the RPi to ensure that all the recently installed updates are in place and that the Tor Proxy starts automatically. In the terminal, run:

sudo reboot

and after a minute try to access the Tor check site from Firefox again.

Routing the Bitcoin Core traffic through Tor

After having the Tor Proxy set up and confirming that it's working, we will start by setting up and syncing a full node, using the Public Bitcoin Core variant.

Preparing startup scripts

Since the Public variant shares a lot of startup code with the Hidden variant, we'll prepare the scripts for both in one go.

Download and install Bitcoin Core.

Next, we'll create 3 helper scripts:

  1. btc-common
  2. btc-public
  3. btc-hidden

Windows version:

See this site for how to create batch files under Windows. Create one and name it btc-common.bat. Paste the following content into it and edit it according to your needs:

@echo off
rem Variables for securing BTC wallet with TOR and 
rem Meant to be manually edited.

rem Adjust to your unencrypted magnetic drive location
set DATA_DIR="E:\magnetic\crypto\btc\btc-data"
rem Adjust to your encrypted partition
set WALLET_DIR="D:\encrypted\crypto\btc\wallet"
rem Bitcoin installation dir
set INSTALL_DIR="C:\Program Files\Bitcoin"
rem Use all cores
set NPROC=%NUMBER_OF_PROCESSORS%
rem ... or reduce to the desired number of cores to be used (easier on your PC's temperature).
rem The later assignment wins; delete the next line to use all cores.
set NPROC=3
rem Select the according Tor proxy
set TOR_PROXY="192.168.1.100:9050"
rem ###################################################

Create btc-public.bat with the following content:

rem Read common variables (%~dp0 is the directory this script is stored in)
call "%~dp0btc-common.bat"

rem Runs the "Public" version of the BTC full node,
rem which shares the data directory with the Tor - protected one,
rem but assumes using an empty wallet, or a "Public" wallet

rem Delete the -datadir line, if you intend to use the default data directory
cd /d %INSTALL_DIR%
bitcoin-qt.exe ^
-datadir=%DATA_DIR% ^
-par=%NPROC%
rem ###################################################

Create btc-hidden.bat with the following content:

rem Read common variables (%~dp0 is the directory this script is stored in)
call "%~dp0btc-common.bat"

rem Runs the Tor - protected version of the BTC full node,
rem which shares the data directory with the "Public" node.
rem The wallet is expected to reside in a separate directory, preferably on an encrypted partition

rem Delete the -datadir line, if you intend to use the default data directory
cd /d %INSTALL_DIR%
bitcoin-qt.exe ^
-datadir=%DATA_DIR% ^
-par=%NPROC% ^
-walletdir=%WALLET_DIR% ^
-proxy=%TOR_PROXY% -proxyrandomize
rem ###################################################

Linux version:

After extracting the archive, go to the installation directory. For Linux it will be:

cd bitcoin-0.19.1/bin

nano btc-common.sh

#!/bin/bash -e

# Variables for securing BTC wallet with TOR and 
# Meant to be manually edited.

DATA_DIR="/mnt/magnetic/crypto/btc/btc-data/" 	    # Adjust to your unencrypted magnetic drive location
WALLET_DIR="/media/${USER}/encrypted/crypto/btc/"   # Adjust to your encrypted partition
NPROC=$(nproc)			# Use all cores, or...
NPROC=3 			# reduce to the desired number of cores to be used (easier on your PC's temperature); the later assignment wins
TOR_PROXY="localhost:9050"	# Tor proxy running on this machine, or...
TOR_PROXY="192.168.1.100:9050" 	# Tor proxy on the RPi; the later assignment wins, so delete the line you don't need
###################################################

nano btc-public.sh

#!/bin/bash -e

# Runs the "Public" version of the BTC full node,
# which shares the data directory with the Tor - protected one,
# but assumes using an empty wallet, or a "Public" wallet

source btc-common.sh

# Delete the -datadir line, if you intend to use the default data directory.
# (A comment after the trailing backslash would break the line continuation.)
./bitcoin-qt \
-datadir="${DATA_DIR}" \
-par="${NPROC}"
###################################################

nano btc-hidden.sh

#!/bin/bash -e

# Runs the Tor - protected version of the BTC full node,
# which shares the data directory with the "Public" node.
# The wallet is expected to reside in a separate directory, preferably on an encrypted partition

source btc-common.sh

# Delete the -datadir line, if you intend to use the default data directory.
# (A comment after the trailing backslash would break the line continuation.)
./bitcoin-qt \
-datadir="${DATA_DIR}" \
-par="${NPROC}" \
-walletdir="${WALLET_DIR}" \
-proxy="${TOR_PROXY}" -proxyrandomize
###################################################

As the last step, make the scripts executable with:

chmod +x btc-*.sh

Moving files where they belong

If you’ve already created the wallet file that you’d prefer to keep hidden, now it’s time to move it into the directory pointed to by the WALLET_DIR variable from the above scripts. By default, your “wallet.dat” resides in the Data Directory. The default Data Directory path can be learned from the Bitcoin Wiki. Please move “wallet.dat” out of there into an encrypted partition, if you have one, or any other place different from the Data Directory, and reference the new location with the WALLET_DIR variable by modifying the btc-common script.

The same goes for the blockchain data. It’s best to move it to a magnetic drive. Don’t forget to reference the new directory via the DATA_DIR variable. If you prefer keeping it in the default location, then remove the lines starting with "-datadir=" in your two btc scripts.

Usage

Syncing the Public full node

It's finally time to use our scripts. Let's start by syncing our full node, using the btc-public script. Take your time.

Running the Hidden full node

Since the node is synchronized and the Hidden instance reuses the same blockchain data, let's start the Hidden instance by executing the btc-hidden script, to immediately see our latest transactions or perform new ones. Once all your transactions are performed, you may close the Hidden instance and let the blockchain replicate itself by restarting the Public instance.

To verify that the Hidden instance works properly and routes its traffic through the Tor Proxy, check for the "P" letter at the bottom right of the BTC window and, hopefully, some connected peers:

Bitcoin Core routing traffic through Tor Proxy

Long term goals

The absolute priority is to keep all your transactions private. If switching between the Public and Hidden variants is a bigger hassle to you than the benefit of having a replicable BTC blockchain across the globe is worth, you may simply run the Public node once to synchronize, and from then on continuously leech the new blocks via the Hidden instance. It's your choice after all. However, if you're into computer networks, you could have the best of both worlds and open your router for the Tor traffic from outside. But this is out of scope of this article.
